Debug permission on supplier order.
Fix #huntr58ddbd8a-0faf-4b3f-aec9-5850bb19ab67
eldy committed Nov 20, 2021
1 parent 001507f commit 63cd063
Showing 8 changed files with 101 additions and 47 deletions.
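--- a/htdocs/core/menus/standard/eldy.lib.php
+++ b/htdocs/core/menus/standard/eldy.lib.php
@@ -2149,7 +2149,8 @@ function print_left_eldy_menu($db, $menu_array_before, $menu_array_after, &$tabM
 // Not enabled but visible (so greyed), except if parent was not enabled.
 print '<div class="menu_contenu'.$cssmenu.'">';
 print $tabstring;
-print '<span class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</span><br></div>'."\n";
+print '<span class="vsmenudisabled vsmenudisabledmargin">'.$menu_array[$i]['titre'].'</span><br>';
+print '</div>'."\n";
 }
 }
 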
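--- a/htdocs/fourn/class/fournisseur.commande.class.php
+++ b/htdocs/fourn/class/fournisseur.commande.class.php
@@ -2295,7 +2295,14 @@ public function Livraison($user, $date, $type, $comment)
 
 dol_syslog(get_class($this)."::Livraison");
 
-if ($user->rights->fournisseur->commande->receptionner) {
+$usercanreceive = 0;
+if (empty($conf->reception->enabled)) {
+$usercanreceive = $user->rights->fournisseur->commande->receptionner;
+} else {
+$usercanreceive = $user->rights->reception->creer;
+}
+
+if ($usercanreceive) {
 // Define the new status
 if ($type == 'par') {
 $statut = self::STATUS_RECEIVED_PARTIALLY;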
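Review bot: The new branch in `Livraison()` reads `$conf->reception->enabled`, but the method's opening lines are outside this hunk, so it is not visible whether `$conf` is declared `global` there. If it is not, `empty($conf->reception->enabled)` is always true and the check silently keeps using `fournisseur->commande->receptionner` even when the reception module is enabled. Both rights are also read without a guard; `$usercanreceive = !empty($user->rights->reception->creer);` (and the same form in the other branch) avoids a warning when the user object has no `reception` rights node and leaves a clean boolean in the variable.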
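--- a/htdocs/fourn/commande/card.php
+++ b/htdocs/fourn/commande/card.php
@@ -90,7 +90,6 @@
 if ($user->socid) {
 $socid = $user->socid;
 }
-$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
 
 // Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
 $hookmanager->initHooks(array('ordersuppliercard', 'globalcard'));
@@ -124,6 +123,8 @@
 }
 }
 
+$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');
+
 // Common permissions
 $usercanread = ($user->rights->fournisseur->commande->lire || $user->rights->supplier_order->lire);
 $usercancreate = ($user->rights->fournisseur->commande->creer || $user->rights->supplier_order->creer);
@@ -136,7 +137,11 @@
 $usercanapprove = $user->rights->fournisseur->commande->approuver;
 $usercanapprovesecond = $user->rights->fournisseur->commande->approve2;
 $usercanorder = $user->rights->fournisseur->commande->commander;
-$usercanreceived = $user->rights->fournisseur->commande->receptionner;
+if (empty($conf->reception->enabled)) {
+$usercanreceive = $user->rights->fournisseur->commande->receptionner;
+} else {
+$usercanreceive = $user->rights->reception->creer;
+}
 
 // Permissions for includes
 $permissionnote = $usercancreate; // Used by the include of actions_setnotes.inc.php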
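Review bot: The last hunk renames the permission variable from `$usercanreceived` to `$usercanreceive`, and the section's 7 additions and 2 deletions are fully accounted for by the three hunks shown, so no reader of the old name was updated in this file. Any `$usercanreceived` test that remains further down card.php (not visible here) would now read an undefined variable, which evaluates false: that fails closed, but it would switch the receive action off for every user. Either keep the original name in the new block, `$usercanreceived = $user->rights->reception->creer;`, or update every reader in the same commit. The rest of the page's setup lies outside these hunks, so this needs a grep of the whole file to confirm.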
49 changes: 34 additions & 15 deletions htdocs/fourn/commande/dispatch.php
@@ -62,11 +62,6 @@
if ($user->socid) {
$socid = $user->socid;
}
$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');

if (empty($conf->stock->enabled)) {
accessforbidden();
}

$hookmanager->initHooks(array('ordersupplierdispatch'));

@@ -89,6 +84,21 @@
}
}

if (empty($conf->reception->enabled)) {
$permissiontoreceive = $user->rights->fournisseur->commande->receptionner;
$permissiontocontrol = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande_advance->check)));
} else {
$permissiontoreceive = $user->rights->reception->creer;
$permissiontocontrol = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->creer)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->reception_advance->validate)));
}

// $id is id of a purchase order.
$result = restrictedArea($user, 'fournisseur', $id, 'commande_fournisseur', 'commande');

if (empty($conf->stock->enabled)) {
accessforbidden();
}


/*
* Actions
@@ -100,7 +110,7 @@
setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
}

if ($action == 'checkdispatchline' && !((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check)))) {
if ($action == 'checkdispatchline' && $permissiontocontrol) {
$error = 0;
$supplierorderdispatch = new CommandeFournisseurDispatch($db);

@@ -137,7 +147,7 @@
}
}

if ($action == 'uncheckdispatchline' && !((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check)))) {
if ($action == 'uncheckdispatchline' && $permissiontocontrol) {
$error = 0;
$supplierorderdispatch = new CommandeFournisseurDispatch($db);

@@ -173,7 +183,7 @@
}
}

if ($action == 'denydispatchline' && !((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check)))) {
if ($action == 'denydispatchline' && $permissiontocontrol) {
$error = 0;
$supplierorderdispatch = new CommandeFournisseurDispatch($db);

@@ -209,7 +219,7 @@
}
}

if ($action == 'dispatch' && $user->rights->fournisseur->commande->receptionner) {
if ($action == 'dispatch' && $permissiontoreceive) {
$error = 0;

$db->begin();
@@ -387,7 +397,7 @@
}

// Remove a dispatched line
if ($action == 'confirm_deleteline' && $confirm == 'yes' && $user->rights->fournisseur->commande->receptionner) {
if ($action == 'confirm_deleteline' && $confirm == 'yes' && $permissiontoreceive) {
$db->begin();

$supplierorderdispatch = new CommandeFournisseurDispatch($db);
@@ -430,7 +440,7 @@
}

// Update a dispatched line
if ($action == 'updateline' && $user->rights->fournisseur->commande->receptionner) {
if ($action == 'updateline' && $permissiontoreceive) {
$db->begin();
$error = 0;

@@ -751,9 +761,9 @@

// Select warehouse to force it everywhere
if (count($listwarehouses) > 1) {
print '<br>'.$langs->trans("ForceTo").' '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 1, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1);
print '<br><span class="opacitymedium">'.$langs->trans("ForceTo").'</span> '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 1, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1);
} elseif (count($listwarehouses) == 1) {
print '<br>'.$langs->trans("ForceTo").' '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 0, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1);
print '<br><span class="opacitymedium">'.$langs->trans("ForceTo").'</span> '.$form->selectarray('fk_default_warehouse', $listwarehouses, $fk_default_warehouse, 0, 0, 0, '', 0, 0, $disabled, '', 'minwidth100 maxwidth300', 1);
}

print '</td>';
@@ -1055,10 +1065,19 @@

$dispatchBt = empty($conf->reception->enabled) ? $langs->trans("Receive") : $langs->trans("CreateReception");

print '<br><input type="submit" class="button" name="dispatch" value="'.dol_escape_htmltag($dispatchBt).'"';
print '<br>';
print '<input type="submit" class="button" name="dispatch" value="'.dol_escape_htmltag($dispatchBt).'"';
$disabled = 0;
if (!$permissiontoreceive) {
$disabled = 1;
}
if (count($listwarehouses) <= 0) {
$disabled = 1;
}
if ($disabled) {
print ' disabled';
}

print '>';
}
print '</div>';
@@ -1257,7 +1276,7 @@

// Add button to check/uncheck disaptching
print '<td class="center">';
if ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && empty($user->rights->fournisseur->commande_advance->check))) {
if (!$permissiontocontrol) {
if (empty($objp->status)) {
print '<a class="button buttonRefused" href="#">'.$langs->trans("Approve").'</a>';
print '<a class="button buttonRefused" href="#">'.$langs->trans("Deny").'</a>';
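Review bot: `$permissiontoreceive` is assigned from a bare rights read in both branches of the new block, while `$permissiontocontrol` right beside it goes through `!empty()`; the two should be written the same way, e.g. `$permissiontoreceive = !empty($user->rights->reception->creer);`, so a missing rights node neither warns nor leaves a non-boolean in the flag. The same module-dependent selection is now repeated in this page, in card.php and in `Livraison()`, with the branch order reversed in reception/card.php, so a single shared helper would keep the enforcement points from drifting apart. The new `disabled` attribute on the submit button is only presentation; the actual gate remains the `$action == 'dispatch' && $permissiontoreceive` test, and a short comment above the button saying so would help. The action handlers' bodies continue outside the hunks shown.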
57 changes: 33 additions & 24 deletions htdocs/reception/card.php
@@ -112,9 +112,6 @@
// Initialize technical object to manage hooks of page. Note that conf->hooks_modules contains array of hook context
$hookmanager->initHooks(array('receptioncard', 'globalcard'));

$permissiondellink = $user->rights->reception->creer; // Used by the include of actions_dellink.inc.php
//var_dump($object->lines[0]->detail_batch);

$date_delivery = dol_mktime(GETPOST('date_deliveryhour', 'int'), GETPOST('date_deliverymin', 'int'), 0, GETPOST('date_deliverymonth', 'int'), GETPOST('date_deliveryday', 'int'), GETPOST('date_deliveryyear', 'int'));

if ($id > 0 || !empty($ref)) {
@@ -142,16 +139,31 @@
$socid = $user->socid;
}

if ($origin == 'reception') {
if (!empty($conf->reception->enabled) || $origin == 'reception' || empty($origin)) {
$result = restrictedArea($user, 'reception', $id);
} else {
// We do not use the reception module, so we test permission on the supplier orders
if ($origin == 'supplierorder' || $origin == 'order_supplier') {
$result = restrictedArea($user, 'fournisseur', $origin_id, 'commande_fournisseur', 'commande');
} elseif (empty($user->rights->{$origin}->lire) && empty($user->rights->{$origin}->read)) {
accessforbidden();
}
}

if (!empty($conf->reception->enabled)) {
$permissiontoread = $user->rights->reception->lire;
$permissiontoadd = $user->rights->reception->creer;
$permissiondellink = $user->rights->reception->creer; // Used by the include of actions_dellink.inc.php
$permissiontovalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->creer)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->reception_advance->validate)));
$permissiontodelete = $user->rights->reception->supprimer;
} else {
$permissiontoread = $user->rights->fournisseur->commande->receptionner;
$permissiontoadd = $user->rights->fournisseur->commande->receptionner;
$permissiondellink = $user->rights->fournisseur->commande->receptionner; // Used by the include of actions_dellink.inc.php
$permissiontovalidate = ((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande->receptionner)) || (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->fournisseur->commande_advance->check)));
$permissiontodelete = $user->rights->fournisseur->commande->receptionner;
}


/*
* Actions
@@ -171,12 +183,12 @@
include DOL_DOCUMENT_ROOT.'/core/actions_dellink.inc.php'; // Must be include, not include_once

// Reopen
if ($action == 'reopen' && $user->rights->reception->creer) {
if ($action == 'reopen' && $permissiontoadd) {
$result = $object->reOpen();
}

// Confirm back to draft status
if ($action == 'modif' && $user->rights->reception->creer) {
if ($action == 'modif' && $permissiontoadd) {
$result = $object->setDraft($user);
if ($result >= 0) {
// Define output language
@@ -201,11 +213,11 @@
}

// Set incoterm
if ($action == 'set_incoterms' && !empty($conf->incoterm->enabled)) {
if ($action == 'set_incoterms' && !empty($conf->incoterm->enabled) && $permissiontoadd) {
$result = $object->setIncoterms(GETPOST('incoterm_id', 'int'), GETPOST('location_incoterms', 'alpha'));
}

if ($action == 'setref_supplier') {
if ($action == 'setref_supplier' && $permissiontoadd) {
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}
@@ -220,7 +232,7 @@
}
}

if ($action == 'update_extras') {
if ($action == 'update_extras' && $permissiontoadd) {
$object->oldcopy = dol_clone($object);

// Fill array 'array_options' with data from update form
@@ -244,7 +256,7 @@
}

// Create reception
if ($action == 'add' && $user->rights->reception->creer) {
if ($action == 'add' && $permissiontoadd) {
$error = 0;
$predef = '';

@@ -405,10 +417,7 @@
$_GET["commande_id"] = GETPOST('commande_id', 'int');
$action = 'create';
}
} elseif ($action == 'confirm_valid' && $confirm == 'yes' &&
((empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->creer))
|| (!empty($conf->global->MAIN_USE_ADVANCED_PERMS) && !empty($user->rights->reception->reception_advance->validate)))
) {
} elseif ($action == 'confirm_valid' && $confirm == 'yes' && $permissiontovalidate) {
$object->fetch_thirdparty();

$result = $object->valid($user);
Expand Down Expand Up @@ -440,7 +449,7 @@
}
}
}
} elseif ($action == 'confirm_delete' && $confirm == 'yes' && $user->rights->reception->supprimer) {
} elseif ($action == 'confirm_delete' && $confirm == 'yes' && $permissiontodelete) {
$result = $object->delete($user);
if ($result > 0) {
header("Location: ".DOL_URL_ROOT.'/reception/index.php');
@@ -455,7 +464,7 @@
if ($result < 0) {
setEventMessages($object->error, $object->errors, 'errors');
}*/
} elseif ($action == 'setdate_livraison' && $user->rights->reception->creer) {
} elseif ($action == 'setdate_livraison' && $permissiontoadd) {
//print "x ".$_POST['liv_month'].", ".$_POST['liv_day'].", ".$_POST['liv_year'];
$datedelivery = dol_mktime(GETPOST('liv_hour', 'int'), GETPOST('liv_min', 'int'), 0, GETPOST('liv_month', 'int'), GETPOST('liv_day', 'int'), GETPOST('liv_year', 'int'));

@@ -506,7 +515,7 @@
}

$action = "";
} elseif ($action == 'builddoc') {
} elseif ($action == 'builddoc' && $permissiontoread) {
// Build document
// En get ou en post
// Save last template used to generate document
@@ -532,7 +541,7 @@
setEventMessages($object->error, $object->errors, 'errors');
$action = '';
}
} elseif ($action == 'remove_file') {
} elseif ($action == 'remove_file' && $permissiontoadd) {
// Delete file in doc form
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';

@@ -550,13 +559,13 @@
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
exit();
}
} elseif ($action == 'classifyclosed') {
} elseif ($action == 'classifyclosed' && $permissiontoread) {
$result = $object->setClosed();
if ($result >= 0) {
header('Location: '.$_SERVER["PHP_SELF"].'?id='.$object->id);
exit();
}
} elseif ($action == 'deleteline' && !empty($line_id)) {
} elseif ($action == 'deleteline' && !empty($line_id) && $permissiontoread) {
// delete a line
$lines = $object->lines;
$line = new CommandeFournisseurDispatch($db);
@@ -579,7 +588,7 @@
} else {
setEventMessages($line->error, $line->errors, 'errors');
}
} elseif ($action == 'updateline' && $user->rights->reception->creer && GETPOST('save')) {
} elseif ($action == 'updateline' && GETPOST('save') && $permissiontoadd) {
// Update a line
// Clean parameters
$qty = 0;
@@ -666,11 +675,11 @@
$object->generateDocument($object->model_pdf, $outputlangs, $hidedetails, $hidedesc, $hideref);
}
} else {
header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // Pour reaffichage de la fiche en cours d'edition
header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // To reshow the record we edit
exit();
}
} elseif ($action == 'updateline' && $user->rights->reception->creer && GETPOST('cancel', 'alpha') == $langs->trans("Cancel")) {
header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // Pour reaffichage de la fiche en cours d'edition
} elseif ($action == 'updateline' && $permissiontoadd && GETPOST('cancel', 'alpha') == $langs->trans("Cancel")) {
header('Location: '.$_SERVER['PHP_SELF'].'?id='.$object->id); // To reshow the record we edit
exit();
}

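Review bot: `classifyclosed` and `deleteline` are gated on `$permissiontoread`, yet the first calls `$object->setClosed()` and the second is commented `// delete a line`, so a read-only right is enough to change the reception's status or remove a line. Both look like they should require the write permission: `} elseif ($action == 'classifyclosed' && $permissiontoadd) {` and `} elseif ($action == 'deleteline' && !empty($line_id) && $permissiontoadd) {`. With the reception module disabled every `$permissionto*` value maps to the same `receptionner` right, so the gap only shows when the module is enabled and `lire` is granted without `creer`. The bodies of both handlers continue outside the hunks shown.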
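--- a/htdocs/theme/eldy/global.inc.php
+++ b/htdocs/theme/eldy/global.inc.php
@@ -2881,12 +2881,12 @@
 color: #202020;
 margin: 1px 1px 1px 6px;
 }
-font.vsmenudisabled { font-family: <?php print $fontlist ?>; text-align: <?php print $left; ?>; color: #aaa; }
+span.vsmenudisabled, font.vsmenudisabled { font-family: <?php print $fontlist ?>; text-align: <?php print $left; ?>; color: #aaa; }
 a.vsmenu:link, a.vsmenu:visited {
 color: var(--colortextbackvmenu);
 white-space: nowrap;
 }
-font.vsmenudisabledmargin { margin: 1px 1px 1px 6px; }
+span.vsmenudisabledmargin, font.vsmenudisabledmargin { margin: 1px 1px 1px 6px; }
 li a.vsmenudisabled, li.vsmenudisabled { color: #aaa !important; }
 
 a.help:link, a.help:visited, a.help:hover, a.help:active, span.help { text-align: <?php print $left; ?>; color: #aaa; text-decoration: none; }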
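--- a/htdocs/theme/md/style.css.php
+++ b/htdocs/theme/md/style.css.php
@@ -2928,9 +2928,9 @@
 a.vmenu:link, a.vmenu:visited { color: #<?php echo $colortextbackvmenu; ?>; }
 
 a.vsmenu:link, a.vsmenu:visited, a.vsmenu:hover, a.vsmenu:active, span.vsmenu { font-size:<?php print $fontsize ?>px; font-family: <?php print $fontlist ?>; text-align: <?php print $left; ?>; font-weight: normal; color: #202020; margin: 1px 1px 1px 8px; }
-font.vsmenudisabled { font-size:<?php print $fontsize ?>px; font-family: <?php print $fontlist ?>; text-align: <?php print $left; ?>; font-weight: normal; color: #aaa; }
+span.vsmenudisabled, font.vsmenudisabled { font-size:<?php print $fontsize ?>px; font-family: <?php print $fontlist ?>; text-align: <?php print $left; ?>; font-weight: normal; color: #aaa; }
 a.vsmenu:link, a.vsmenu:visited { color: #<?php echo $colortextbackvmenu; ?>; white-space: nowrap; }
-font.vsmenudisabledmargin { margin: 1px 1px 1px 8px; }
+span.vsmenudisabledmargin, font.vsmenudisabledmargin { margin: 1px 1px 1px 8px; }
 
 a.help:link, a.help:visited, a.help:hover, a.help:active, span.help { text-align: <?php print $left; ?>; font-weight: normal; color: #999; text-decoration: none; }
 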
